Pulse Detail — Threat Intelligence

PULSE NAME

ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity

WHITE mohdrennis 2022-04-17 Modified: 2022-04-17

102

IOCs

HIGH VOLUME

Zloader is one of the world’s most dangerous banking trojan families, and ESET researchers have been closely monitoring its activity and evolution since it was announced and advertised in underground forums.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1068 T1566 T1496 T1090 T1003 T1005 T1008 T1012 T1016 T1027 T1033 T1036 T1041 T1047 T1055 T1056 T1057 T1059 T1070 T1071 T1074 T1082 T1083 T1106 T1113 T1124 T1140 T1189 T1204 T1219 T1482 T1489 T1490 T1518 T1529 T1539 T1547 T1548 T1553 T1555 T1557 T1560 T1562 T1568 T1573 T1583 T1584 T1587 T1588

MALWARE FAMILIES

Zloader Zbot KY NKA ADI HODI Cobalt Strike HOGN ADUM PHL PHM AO HNLQ Ursnif

Indicators of Compromise (36 / 102 total)

All URL CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://endoftheendi.com/12.exe	—	2022-04-17
URL	https://cmdadminu.com	—	2022-04-17
URL	https://datalystoy.com	—	2022-04-17
URL	https://teamworks455.com	—	2022-04-17
URL	https://updatemsicheck.com	—	2022-04-17
URL	http://1.3.27.0	—	2022-04-17
URL	http://1.6.28.0	—	2022-04-17
URL	http://1.8.30.0	—	2022-04-17
URL	https://aerulonoured.su	—	2022-04-17
URL	https://asdfghdsajkl.com/gate.php	—	2022-04-17
URL	https://braves.fun/racoon.exe	—	2022-04-17
URL	https://checksoftupdate.com	—	2022-04-17
URL	https://clouds222.com	—	2022-04-17
URL	https://commandaadmin.com	—	2022-04-17
URL	https://daksjuggdhwa.com/gate.php	—	2022-04-17
URL	https://djshggadasj.com/gate.php	—	2022-04-17
URL	https://dkisuaggdjhna.com/gate.php	—	2022-04-17
URL	https://dotxvcnjlvdajkwerwoh.com	—	2022-04-17
URL	https://dquggwjhdmq.com/gate.php	—	2022-04-17
URL	https://eiqwuggejqw.com/gate.php	—	2022-04-17
URL	https://endoftheendi.com	—	2022-04-17
URL	https://endoftheendi.com/us.dll	—	2022-04-17
URL	https://iasudjghnasd.com/gate.php	—	2022-04-17
URL	https://kdjwhqejqwij.com/gate.php	—	2022-04-17
URL	https://kjdhsasghjds.com/gate.php	—	2022-04-17
URL	https://lkjhgfgsdshja.com/gate.php	—	2022-04-17
URL	https://porno3xgirls.fun	—	2022-04-17
URL	https://porno3xgirls.space	—	2022-04-17
URL	https://porno3xgirls.website	—	2022-04-17
URL	https://pornokeyxxx.pw	—	2022-04-17
URL	https://pornoxxxguru.space	—	2022-04-17
URL	https://porxnoxxx.pw	—	2022-04-17
URL	https://porxnoxxx.site	—	2022-04-17
URL	https://rec.kindplanet.us	—	2022-04-17
URL	https://sofftsportal.su	—	2022-04-17
URL	https://teamworks455.com/_country/check.php	4581c84f0d415b6f3405c104afafd04d621a1e76bf4f93de7babb8c5507456af	2022-04-17

References (1)

↗ https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/